summaryrefslogtreecommitdiff
path: root/doc/README.pxe
diff options
context:
space:
mode:
authorRaul Cardenas <Ulises.Cardenas@freescale.com>2015-02-27 11:22:06 -0600
committerStefano Babic <sbabic@denx.de>2015-03-02 09:57:06 +0100
commit0200020bc2b8192c31dc57c600865267f51bface (patch)
tree77e47e958773096b7cb53c20a0c6a1f4d83e46d8 /doc/README.pxe
parentb5cd10b911f632f74e1211ef786989781d2a1ca1 (diff)
downloadu-boot-imx-0200020bc2b8192c31dc57c600865267f51bface.zip
u-boot-imx-0200020bc2b8192c31dc57c600865267f51bface.tar.gz
u-boot-imx-0200020bc2b8192c31dc57c600865267f51bface.tar.bz2
imx6: Added DEK blob generator command
Freescale's SEC block has built-in Data Encryption Key(DEK) Blob Protocol which provides a method for protecting a DEK for non-secure memory storage. SEC block protects data in a data structure called a Secret Key Blob, which provides both confidentiality and integrity protection. Every time the blob encapsulation is executed, a AES-256 key is randomly generated to encrypt the DEK. This key is encrypted with the OTP Secret key from SoC. The resulting blob consists of the encrypted AES-256 key, the encrypted DEK, and a 16-bit MAC. During decapsulation, the reverse process is performed to get back the original DEK. A caveat to the blob decapsulation process, is that the DEK is decrypted in secure-memory and can only be read by FSL SEC HW. The DEK is used to decrypt data during encrypted boot. Commands added -------------- dek_blob - encapsulating DEK as a cryptgraphic blob Commands Syntax --------------- dek_blob src dst len Encapsulate and create blob of a len-bits DEK at address src and store the result at address dst. Signed-off-by: Raul Cardenas <Ulises.Cardenas@freescale.com> Signed-off-by: Nitin Garg <nitin.garg@freescale.com> Signed-off-by: Ulises Cardenas <ulises.cardenas@freescale.com> Signed-off-by: Ulises Cardenas-B45798 <Ulises.Cardenas@freescale.com>
Diffstat (limited to 'doc/README.pxe')
0 files changed, 0 insertions, 0 deletions